Parkview, 04.05.2011 (PresseBox) -
Another hack and this time the personal details of 250,000 entrants to the X-Factor US competition appear to have been compromised. And, says Andy Kemshall, technical director of SecurEnvoy, this is the latest in a string of attacks on corporate servers to extract personal data, suggesting that cybercriminals are now building information profiles on people, rather than developing frauds around available credentials.

"This corporate hack is notable, both for the size of the database theft, and the fact it was made against the servers of music executive Simon Cowell, who is renowned for his attention to detail. This suggests that the server hack was carefully planned and one of a series of attacks on company systems," he said.

According to Kemshall, whose firm specialises in two factor authentication, the last few months have been peppered with reports of corporate servers being hacked, and large databases lifted for purposes unknown.

The Sony PlayStation Network and the Epsilon system hacks are the most high profile of these, he said, adding that there have been many more less-reported intrusions, suggesting that cybercriminals are now actively compiling data on large numbers of people for longer-term fraud.

"It's actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks, but the sheer volume of the system hacks in recent months suggests that there is a longer-term strategy involved," he said.

"We already know that people's credentials, including their names and unique identifiers such as social security/national insurance and address details, are being bought and sold on underground forums, along with dates-of-birth, email addresses and other personal data," he said.

"Our observations suggest that this data is being compiled into one or more databases, meaning that low-level frauds can be carried out on a steady basis, bursting into periods of high activity when the people's debit or credit card details become available," he added.

The SecurEnvoy technical director calls this strategy 'fraud data pimping' and notes this is something that the IT security industry has not seen before, but then, he says, cybercriminals have never had it so good, with the wealth of data on millions of people available to them.

The data from the attack against the servers of Simon Cowell's operation, Kemshall went on to say, could be used for phishing or phone-engineering scams against the contestants, but the fact that the FBI is investigating the hack suggests that a gang - who may be involved in other corporate attacks - carried out the systems intrusion.

"It's very easy to dismiss the X-Factor US systems database hack as a one-off incident, but if you look at the hack against the backdrop of a constant stream of corporate hacks in recent months, the reality starts to hit home," he said.

"And that reality is that cybercriminals are starting to conduct these attacks on a carefully planned basis, with the longer-term strategy of building their own fraudulent database on as many people as possible," he added.

The PresseBox site relays on the functionality of JavaScript. This seems not to be available in your browser. We appologize if parts of the website may not be full accessible with the lack of JavaScript.

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.